🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.
CVE-2022-23849

The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authentication attempts.

via "National Vulnerability Database".
CVE-2021-42950

A Remote Code Execution (RCE) vulnerability exists in all versions of Zepl Notebooks before October 25, 2021. Users can register for an account and are allocated a set number of credits to try the product. Once authenticated, a user can create a new organization to which additional users can be added for various collaboration abilities, which allows a malicious user to create new Zepl Notebooks with various languages, contexts, and deployment scenarios. By creating a new notebook containing specially crafted malicious code, a user can then achieve remote code execution.

via "National Vulnerability Database".
CVE-2022-24563

In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options via the intro_title and intro_image parameters.

via "National Vulnerability Database".
CVE-2022-24573

A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field.

via "National Vulnerability Database".
Ransomware with a difference: “Derestrict your software, or else!”

"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets.

via "Naked Security".
CVE-2022-0528

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository transloadit/uppy prior to 3.3.1.

via "National Vulnerability Database".
🗓️ ‘We’re firefighters for victims of armed conflict’ – Hackers Without Borders co-founder on NGO’s timely arrival 🗓️

‘We had NGOs for press, medical staff, and mental health issues, but not for cyber-attack victims’

via "The Daily Swig".
🕴 How Retailers Can Address 'Buy Now, Pay Later' Fraud 🕴

As BNPL platforms grow in popularity, experts warn that cybercriminals could target them using synthetic identity fraud and first-party fraud.

via "Dark Reading".
S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]

Latest episode - listen now (or read it, if that's your preference)...

via "Naked Security".
Securing Data With a Frenzied Remote Workforce–Podcast

Stock the liquor cabinet and take a shot whenever you hear GitLab Staff Security Researcher Mark Loveless say “Zero Trust.”

via "Threat Post".
🕴 How to Get One Step Ahead of Mobile Attacks 🕴

The advent of so-called "dropper" apps, which deliver and install malware that can also be later updated, is an emerging threat vector for mobile users.

via "Dark Reading".
CVE-2021-40635

OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php and ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database.

via "National Vulnerability Database".
CVE-2022-23648

containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.4.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.

via "National Vulnerability Database".
CVE-2021-40636

OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database.

via "National Vulnerability Database".
Russia Leaks Data From a Thousand Cuts–Podcast

It’s not just Ukraine: There's a flood of intel on Russian military, nukes and crooks, says dark-web intel expert Vinny Troia, even with the Conti ransomware gang shuttering its leaking Jabber chat server.

via "Threat Post".
🗓️ Nvidia hackers allegedly attempting to blackmail company into open-sourcing GPU drivers 🗓️

Unusual demand follows a request that the hardware firm remove mining hashrate limiters on its GPUs.

via "The Daily Swig".
CVE-2021-40637

OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to obtain the user's cookie and take over the user's active session.

via "National Vulnerability Database".
CVE-2021-43774

A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users, etc.) stored on the printer, together with their encrypted passwords. The passwords are protected by a weak cipher, such as ROT13, which requires minimal effort to instantly retrieve the original password, giving the attacker a list of valid domain or FTP usernames and passwords.

via "National Vulnerability Database".
CVE-2022-0753

Reflected cross-site scripting (XSS) in GitHub repository hestiacp/hestiacp prior to 1.5.9.

via "National Vulnerability Database".
CVE-2022-0841

OS Command Injection in GitHub repository ljharb/npm-lockfile prior to v2.0.5.

via "National Vulnerability Database".
CVE-2022-22706

An Arm product family through 2022-01-03 has an Exposed Dangerous Method or Function.

via "National Vulnerability Database".